The guidelines, issued Monday by public and private sector cybersecurity experts, are considered the low-hanging fruit to help agencies improve their network security immediately, says John Gilligan, a former Air Force and Energy Department chief information officer.